![]() Aside from specific cases like this, LastPass adds also an inherent overhead which I'm not sure I'm cool with. In Firefox I would often run into janks when using IRCCloud (web based IRC client) with the LastPass addon installed. I've found the LastPass extension to be a bit of a performance hog. However, at this stage this is a trade I'm at least willing to try out. I'm going to lose out on things like autofill. In switching I'm hoping to guard myself against vulnerabilities such as those above. KeePass doesn't integrate into browsers (though it has plugins that do so). These issues too have been fixed, but they can exist in the first place because of the design of these extension based managers. LastPass is in good company here, Project Zero have shown up issues with other password manager browser extensions such as 1Password and Dashlane. ![]() That said, they have swiftly dealt with the vulnerabilities raised, which is a great thing. For example, LastPass recently have had some issues with their browser extenstion brought to light: see here and here. This doesn't mean these managers are busted, but it makes the job of securing them that much harder. Password managers running in the browser have an attack surface which includes JavaScript and the DOM. In terms of the why I'm trying something else, these reasons will apply to pretty much any browser extension based password manager. I also think LastPass is pretty good, I've used it historically because I like it. That said: I think any password manager is much better than the alternative of manually managing passwords. The two major reasons I'm trying something else are security and performance. If you're just interested in how to migrate, you can skip straight to the how section. Goodbye LastPass and thanks for all the fish.I've recently been trying out KeePass 2 as an alternative to LastPass, in this post I'm going to go briefly into why I made the switch, and detail how you can do so with a fairly minimal amount of pain. My thanks to the KeePassXC developers for providing us with the best cross-platform free and open-source password manager. Please refer to How to connect KeePassXC-Browser with KeePassXC for a quick tutorial on configuring browser integration. The animated gif below shows the browser extension in its full glory. I’ve been experimenting with the Firefox extension and found it to be working as advertised, without any complications. KeePassXC also provides official browser extensions for Firefox, Google Chrome, Chromium and Vivaldi. KeePassXC 2.3.4 running on Arch Linux x86_64. The next image shows the entry for the converted “database note type” from LastPass (secure notes) after running the import. Importing CSV fields from the LastPass export file The following image shows KeePassXC’s import CSV fields screen with the column mapping applied as earlier specified: KeePassXC Created: LastPass Not present in CSV file KeePassXC Last modified: LastPass Not present in CSV file The mapping itself is rather straightforward. Next, we’ll enter the CSV import screen to map the columns from the export file against KeePassXC’s corresponding columns. Choose a password and optionally add a key file before hitting the “OK” button. The columns from the export are arranged in the following order, which will have significance when the CSV file is to be imported with KeePassXC: url: column1įav: column7 Importing a CSV file with KeePassXCįire up KeePassXC and select Database => Import => Import CSV file. The content of the file is available in clear text so we can observe both user credentials and the database configuration for this site: configuration for ", - DB,Secure Notes,0 ![]() The following file consists of two regular sites and a secure note. Let’s examine the exported file from LastPass. Using the LastPass extension, simply navigate to: More options => Advanced => Export => LastPass CSV file and save the resulting file using the. Thankfully, LastPass has made it easy to export and migrate your data by allowing it to be exported as a CSV file. As faith would have it, a fork of KeePassX, the password manager I was previously using before moving everything off to LastPass. Enter KeePassXC, a free and open-source password manager. KeePassXC 2.3.4 running on Arch Linux x86_64.Īnyhow, it’s finally time to smell the hobbit and retake control of my precious. Sadly, the answer is that I’m just that lazy and LastPass made things very convenient. I’ve been pondering the reasons as to why I’m now depending on this piece of proprietary software that’s happily storing all my sensitive credentials on somebody else’s server. I’ve never really felt all that good about storing my passwords on the public cloud, but after we started using LastPass at work I somehow got lulled into adopting it for personal use as well.
0 Comments
Leave a Reply. |